Skip to content

@firebase/auth includes selenium-webdriver and tslib as dependencies #6736

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
jekh opened this issue Oct 28, 2022 · 3 comments · Fixed by #6762
Closed

@firebase/auth includes selenium-webdriver and tslib as dependencies #6736

jekh opened this issue Oct 28, 2022 · 3 comments · Fixed by #6762
Assignees
@prameshj
Labels
api: auth

Comments

@jekh
Copy link

jekh commented Oct 28, 2022

[REQUIRED] Describe your environment

  • Firebase SDK version: 9.13.0
  • Firebase Product: auth

[REQUIRED] Describe the problem

@firebase/auth includes selenium-webdriver and tslib as runtime dependencies. This causes them to get pulled into production dependency bundles unnecessarily. These should probably be devDependencies (I'm assuming they're used at build and test time?), unless there is something very strange going on that requires @firebase/auth to parse typescript or use selenium at runtime. If there is a runtime dependency on selenium-webdriver or tslib, that is probably worth investigating too.

https://github.com/firebase/firebase-js-sdk/blob/master/packages/auth/package.json#L104
image

Steps to reproduce:

  1. Install firebase
  2. Run pnpm why selenium-webdriver (or yarn/npm equivalent)
  3. See that selenium-webdriver is included in the dependency (not devDependency) tree
dependencies:
firebase 9.13.0
├─┬ @firebase/auth 0.20.11
│ └── selenium-webdriver 4.5.0
└─┬ @firebase/auth-compat 0.2.24
  ├─┬ @firebase/auth 0.20.11
  │ └── selenium-webdriver 4.5.0
  └── selenium-webdriver 4.5.0

Simply moving tslib and selenium-webdriver to devDependencies should fix this.
@hsubox76
Copy link
Contributor

I think we can move selenium-webdriver but tslib is actually called at runtime in the bundles (if you check the bundle in the dist folder you'll find it). If your bundler does tree shaking I think it should be able to only bring in the necessary modules from tslib, but not 100% sure.

I don't think it should be bringing in any selenium-webdriver code at all? What bundler are you using? Does it automatically bundle all dependencies into production code? I thought putting unnecessary packages into dependencies would only impact npm installation, making you download more than necessary, but wouldn't end up in the production bundle unless actually referenced in the source code.

But I think we should move selenium-webdriver for clarity and to avoid excessive npm downloads by our users.

@jekh
Copy link
Author

jekh commented Oct 31, 2022

Thanks for looking into this! I do see that tslib is used for downleveling, so that does make sense, my apologies.

The code we ship to the client (we use next.js, so webpack is our bundler) doesn't include selenium-webdriver, but we still review all production dependencies, even the ones that should be tree-shaken out. One of our backend services also consumes @firebase/auth transitively, so selenium-webdriver is included in its production dependency install, even though it's not used at runtime.

Thanks for taking a look!

@jucesarsilva
Copy link

The selenium-webdriver breaks node version before 14.20.0

@prameshj prameshj mentioned this issue Nov 8, 2022
Merged
@google-oss-bot google-oss-bot mentioned this issue Dec 6, 2022
Merged
@firebase firebase locked and limited conversation to collaborators Dec 29, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@prameshj prameshj

Labels
api: auth
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add selenium-webdriver to devDependencies firebase/firebase-js-sdk
5 participants
@jekh @hsubox76 @jucesarsilva @google-oss-bot @prameshj